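# Bounds hierarchy under discussion. The statement form is
# "typebounds <parent> <child>;": unconfined_t bounds docker_t, and docker_t
# in turn bounds spc_t and docker_lxc_net_t.
typebounds unconfined_t docker_t; # docker_t is an unconfined domain
typebounds docker_t spc_t; # spc_t is an unconfined domain
# Keyword corrected from "typeboulds", which is not a policy statement.
typebounds docker_t docker_lxc_net_t;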
docker, rkt, systemd-nspawn, and runc all execute
setexeccon(svirt_lxc_net_t)
for container domains.
Everything works fine until I turn on expand_check in semanage.conf,
which we have been asked to do in Rawhide.
Attached is the current Rawhide docker policy. And here is the output
from semodule -i before it crashes, with a segfault.
I had to add this rule to make the output a little quieter; the noise is caused by a
rule in policy that allows all daemons to connectto spc_t:
# Workaround rule added to reduce the bounds-check output from semodule -i.
# Declare the externally defined type and attribute that the rule below uses.
gen_require(`
type unconfined_t;
attribute daemon;
')
# NOTE(review): this grants connectto on unix stream sockets of unconfined_t
# to every type carrying the daemon attribute. It widens the policy only to
# satisfy the bounds check, so confirm the grant is acceptable before keeping it.
allow daemon unconfined_t:unix_stream_socket connectto;
Why does typebounds care when a domain is the target of an access?
I think it should only remove options when the domain is the source.
Otherwise we end up having to loosen the policy to make this work.
As long as docker_t does not have any more "allow docker_t" rules than
"allow unconfined_t" rules, shouldn't this be ok?
It seems that some of the optional code blocks are also causing problems.
Child type docker_t exceeds bounds of parent unconfined_t
(allow docker_t daemon (unix_stream_socket (connectto)))
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1284 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1295 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1297 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
booleanif at line 1302 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
true at line 1303 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1310 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1297 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
booleanif at line 1302 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
false at line 1319 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1325 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1339 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
booleanif at line 1344 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
true at line 1345 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1346 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1356 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
booleanif at line 1363 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
true at line 1364 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1365 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1381 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1392 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1394 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1406 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1408 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1467 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
booleanif at line 1472 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
true at line 1473 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1474 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1568 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
booleanif at line 1573 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
true at line 1574 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1581 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1568 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
booleanif at line 1573 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
false at line 1590 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1596 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1610 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1617 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1623 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1636 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1661 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1681 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1661 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1694 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
allow at line 4508 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 16577 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
allow at line 16584 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 209 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 539 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 862 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 873 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 875 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
booleanif at line 880 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
true at line 881 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 888 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 875 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
booleanif at line 880 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
false at line 897 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 903 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 978 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 989 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1322 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1329 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 4356 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 4651 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5414 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5494 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6039 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 6050 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
<root>
optional at line 4356 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 4651 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5414 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5494 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6092 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 6107 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
<root>
optional at line 4356 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 4651 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5414 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5494 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6180 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6192 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
booleanif at line 6201 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
true at line 6202 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 6203 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
<root>
allow at line 1028 of /var/lib/selinux/targeted/tmp/modules/100/logging/cil
<root>
allow at line 1044 of /var/lib/selinux/targeted/tmp/modules/100/logging/cil
(allow syslog_client_type syslogd_t (unix_stream_socket (connectto)))
(allow docker_t cluster_pid (sock_file (write getattr append open)))
<root>
allow at line 8791 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 18199 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
allow at line 18206 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 4356 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 4651 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5414 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5494 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6180 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6192 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
booleanif at line 6201 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
true at line 6202 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 6204 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow daemon cluster_pid (sock_file (write getattr append open)))
(allow docker_t cluster_pid (dir (getattr search open)))
<root>
allow at line 658 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
allow at line 666 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
booleanif at line 957 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
true at line 958 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 971 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1498 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
booleanif at line 1517 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
true at line 1518 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1524 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
allow at line 8788 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 515 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 523 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 4356 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 4651 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5414 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5494 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6180 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6192 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
booleanif at line 6201 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
true at line 6202 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 6205 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
<root>
optional at line 4356 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 4651 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5414 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5494 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6180 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6192 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
booleanif at line 6201 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
true at line 6202 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 6216 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
<root>
optional at line 4356 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 4651 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5414 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5494 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6180 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6192 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
booleanif at line 6201 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
false at line 6222 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 6224 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow daemon cluster_var_run_t (dir (getattr search open)))
(allow docker_t ptynode (chr_file (ioctl read write getattr lock append open)))
<root>
allow at line 4437 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 8787 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 8819 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 339 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 553 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1343 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 2683 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
<root>
booleanif at line 3583 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
true at line 3584 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 3585 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
<root>
booleanif at line 3583 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
true at line 3584 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 3591 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow daemon ttynode (chr_file (ioctl read write getattr lock append open)))
(allow docker_t ttynode (chr_file (ioctl read write getattr lock append open)))
<root>
allow at line 4437 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 553 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
booleanif at line 3583 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
true at line 3584 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 3585 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
<root>
booleanif at line 3583 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
true at line 3584 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 3591 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow daemon ttynode (chr_file (ioctl read write getattr lock append open)))
(allow user_usertype docker_t (association (recvfrom)))
<root>
allow at line 5455 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 5468 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 1257 of /var/lib/selinux/targeted/tmp/modules/100/unprivuser/cil
optional at line 2783 of /var/lib/selinux/targeted/tmp/modules/100/unprivuser/cil
optional at line 2786 of /var/lib/selinux/targeted/tmp/modules/100/unprivuser/cil
allow at line 2792 of /var/lib/selinux/targeted/tmp/modules/100/unprivuser/cil
<root>
optional at line 1257 of /var/lib/selinux/targeted/tmp/modules/100/unprivuser/cil
optional at line 2783 of /var/lib/selinux/targeted/tmp/modules/100/unprivuser/cil
optional at line 2786 of /var/lib/selinux/targeted/tmp/modules/100/unprivuser/cil
allow at line 2803 of /var/lib/selinux/targeted/tmp/modules/100/unprivuser/cil
(allow user_usertype daemon (association (recvfrom)))
(allow nscd_t docker_t (process (getattr)))
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1297 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
booleanif at line 1302 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
false at line 1319 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1320 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1568 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
booleanif at line 1573 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
false at line 1590 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1591 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 875 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
booleanif at line 880 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
false at line 897 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 898 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 4356 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 4651 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5414 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5494 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6092 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 6112 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow nscd_t daemon (process (getattr)))
(allow docker_t staff_usertype (association (recvfrom)))
<root>
allow at line 5453 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 5466 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 5477 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 5483 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 1364 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
optional at line 2891 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
optional at line 2894 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
allow at line 2902 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
(allow daemon staff_usertype (association (recvfrom)))
(allow docker_t svirt_tcg_devpts_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t svirt_devpts_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t user_tty_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t uml_devpts_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t telnetd_devpts_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t sshd_devpts_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t rssh_devpts_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t rlogind_devpts_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t rhgb_devpts_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t pppd_devpts_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t openfortivpn_devpts_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t nx_server_devpts_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t kmscon_devpts_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t games_devpts_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t docker_devpts_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t cachefiles_dev_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t zero_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t xserver_misc_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t xen_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t wireless_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t watchdog_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t vmware_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t virtio_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t vhost_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t vfio_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t v4l_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t userio_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t usbtty_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t usbmon_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t usb_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t urandom_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t uhid_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t tun_tap_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t tty_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t tpm_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t tape_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t sound_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t smartcard_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t scsi_generic_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t scanner_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t removable_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t random_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t qemu_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t ptmx_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t printer_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t ppp_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t power_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t nvram_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t nvme_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t null_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t netcontrol_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t mtrr_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t mptctl_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t mouse_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t monitor_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t modem_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t misc_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t memory_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t mei_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t lvm_control_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t loop_control_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t lirc_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t kvm_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t ksm_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t kmsg_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t ipmi_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t infiniband_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t hypervvssd_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t hypervkvp_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t fuse_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t framebuf_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t fixed_disk_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t event_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t ecryptfs_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t dri_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t dlm_control_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t devtty_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t crypt_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t crash_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t cpu_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t console_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t clock_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t bsdpty_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t autofs_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t apm_bios_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t agp_device_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow docker_t device_node (sock_file (getattr)))
<root>
allow at line 8791 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 8821 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 562 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1328 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t svirt_sandbox_file_t (sock_file (write getattr append open)))
(allow docker_t ajaxterm_devpts_t (sock_file (getattr)))
<root>
allow at line 555 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t device_node (sock_file (getattr)))
(allow staff_usertype docker_t (tcp_socket (recvfrom)))
<root>
allow at line 5467 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 1364 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
optional at line 2891 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
optional at line 2894 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
allow at line 2899 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
(allow staff_usertype daemon (tcp_socket (recvfrom)))
(allow nscd_t docker_t (dir (ioctl read lock)))
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1297 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
booleanif at line 1302 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
false at line 1319 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1323 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1568 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
booleanif at line 1573 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
false at line 1590 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1594 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 875 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
booleanif at line 880 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
false at line 897 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 901 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 4356 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 4651 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5414 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5494 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6092 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 6109 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow nscd_t daemon (dir (ioctl read getattr lock search open)))
(allow svirt_kvm_net_t docker_t (process (getattr)))
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1333 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow svirt_sandbox_domain docker_t (process (getattr)))
(allow svirt_qemu_net_t docker_t (process (getattr)))
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1333 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow svirt_sandbox_domain docker_t (process (getattr)))
(allow svirt_lxc_net_t docker_t (process (getattr)))
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1333 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow svirt_sandbox_domain docker_t (process (getattr)))
(allow svirt_sandbox_domain docker_t (process (getattr)))
<root>
allow at line 4534 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1333 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow svirt_sandbox_domain docker_t (process (getattr)))
(allow docker_t sysctl_net_t (lnk_file (read getattr)))
<root>
allow at line 371 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t sysctl_net_t (lnk_file (read getattr)))
(allow sysadm_t docker_t (udp_socket (recvfrom)))
<root>
optional at line 7365 of /var/lib/selinux/targeted/tmp/modules/100/sysadm/cil
optional at line 7631 of /var/lib/selinux/targeted/tmp/modules/100/sysadm/cil
allow at line 7647 of /var/lib/selinux/targeted/tmp/modules/100/sysadm/cil
(allow sysadm_usertype daemon (udp_socket (recvfrom)))
(allow sysadm_usertype docker_t (udp_socket (recvfrom)))
<root>
optional at line 7365 of /var/lib/selinux/targeted/tmp/modules/100/sysadm/cil
optional at line 7631 of /var/lib/selinux/targeted/tmp/modules/100/sysadm/cil
allow at line 7647 of /var/lib/selinux/targeted/tmp/modules/100/sysadm/cil
(allow sysadm_usertype daemon (udp_socket (recvfrom)))
(allow docker_t initrc_domain (fd (use)))
<root>
allow at line 4531 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
booleanif at line 16426 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
true at line 16427 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
allow at line 16428 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 2664 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
<root>
allow at line 2712 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow daemon initrc_domain (fd (use)))
(allow staff_wine_t docker_t (udp_socket (recvfrom)))
<root>
optional at line 1364 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
optional at line 2891 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
optional at line 2894 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
allow at line 2910 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
(allow staff_usertype daemon (udp_socket (recvfrom)))
(allow staff_t docker_t (udp_socket (recvfrom)))
<root>
optional at line 1364 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
optional at line 2891 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
optional at line 2894 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
allow at line 2910 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
(allow staff_usertype daemon (udp_socket (recvfrom)))
(allow staff_usertype docker_t (udp_socket (recvfrom)))
<root>
optional at line 1364 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
optional at line 2891 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
optional at line 2894 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
allow at line 2910 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
(allow staff_usertype daemon (udp_socket (recvfrom)))
(allow init_t docker_t (unix_dgram_socket (ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown)))
<root>
allow at line 2668 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
<root>
allow at line 2692 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow init_t daemon (unix_dgram_socket (ioctl read write create getattr setattr lock append bind connect getopt setopt shutdown)))
(allow docker_t svirt_sandbox_domain (unix_stream_socket (connectto)))
<root>
allow at line 4508 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1329 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 4356 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 4651 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5414 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5494 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6180 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6192 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
booleanif at line 6201 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
true at line 6202 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 6203 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow daemon daemon (unix_stream_socket (connectto)))
(allow nscd_t docker_t (lnk_file (read getattr)))
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1297 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
booleanif at line 1302 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
false at line 1319 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1321 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1568 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
booleanif at line 1573 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
false at line 1590 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1592 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 875 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
booleanif at line 880 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
false at line 897 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 899 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 4356 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 4651 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5414 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5494 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6092 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 6111 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow nscd_t daemon (lnk_file (read getattr)))
(allow cluster_t docker_t (process (transition)))
<root>
allow at line 2711 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow initrc_domain daemon (process (transition)))
(allow piranha_pulse_t docker_t (process (transition)))
<root>
allow at line 2711 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow initrc_domain daemon (process (transition)))
(allow openshift_initrc_t docker_t (process (transition)))
<root>
allow at line 2711 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow initrc_domain daemon (process (transition)))
(allow kdumpctl_t docker_t (process (transition)))
<root>
allow at line 2711 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow initrc_domain daemon (process (transition)))
(allow initrc_t docker_t (process (transition)))
<root>
allow at line 2711 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow initrc_domain daemon (process (transition)))
(allow initrc_domain docker_t (process (transition)))
<root>
allow at line 2711 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow initrc_domain daemon (process (transition)))
(allow glusterd_t docker_t (process (transition)))
<root>
allow at line 2711 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow initrc_domain daemon (process (transition)))
(allow condor_startd_t docker_t (process (transition)))
<root>
allow at line 2711 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow initrc_domain daemon (process (transition)))
(allow staff_usertype docker_t (peer (recv)))
<root>
allow at line 5458 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 5470 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 1364 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
optional at line 2891 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
optional at line 2894 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
allow at line 2903 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
<root>
optional at line 1364 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
optional at line 2891 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
optional at line 2894 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
allow at line 2912 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
(allow staff_usertype daemon (peer (recv)))
(allow init_t docker_t (unix_stream_socket (ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown)))
<root>
allow at line 2667 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
<root>
allow at line 2691 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow init_t daemon (unix_stream_socket (ioctl read write create getattr setattr lock append bind connect listen accept getopt setopt shutdown)))
(allow docker_t configfile (file (ioctl read getattr lock open)))
<root>
allow at line 634 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
allow at line 639 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
allow at line 665 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
allow at line 671 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
allow at line 673 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
booleanif at line 957 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
true at line 958 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 966 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
booleanif at line 957 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
true at line 958 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 972 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1408 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1425 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1498 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
booleanif at line 1517 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
true at line 1518 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1519 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1498 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
booleanif at line 1517 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
true at line 1518 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1525 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
optional at line 1230 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
optional at line 1661 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
allow at line 1686 of /var/lib/selinux/targeted/tmp/modules/100/authlogin/cil
<root>
allow at line 4492 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 8786 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 18016 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
allow at line 18022 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 221 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 389 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 416 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 522 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 528 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 1000 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1030 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1310 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 4356 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 4651 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5414 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5494 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6180 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6236 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
booleanif at line 6239 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
true at line 6240 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 6241 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
<root>
optional at line 4356 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 4651 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5414 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5494 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6180 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6236 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
booleanif at line 6239 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
false at line 6247 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 6248 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow daemon cluster_conf_t (file (ioctl read getattr lock open)))
(allow docker_t initrc_domain (process (sigchld)))
<root>
allow at line 4534 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 18016 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
allow at line 18019 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1354 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 2714 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
(allow daemon initrc_domain (process (sigchld)))
(allow svirt_kvm_net_t docker_t (dir (ioctl read getattr lock search open)))
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1330 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow svirt_sandbox_domain docker_t (dir (ioctl read getattr lock search open)))
(allow svirt_qemu_net_t docker_t (dir (ioctl read getattr lock search open)))
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1330 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow svirt_sandbox_domain docker_t (dir (ioctl read getattr lock search open)))
(allow svirt_lxc_net_t docker_t (dir (ioctl read getattr lock search open)))
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1330 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow svirt_sandbox_domain docker_t (dir (ioctl read getattr lock search open)))
(allow svirt_sandbox_domain docker_t (dir (ioctl read getattr lock search open)))
<root>
allow at line 4539 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1330 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow svirt_sandbox_domain docker_t (dir (ioctl read getattr lock search open)))
(allow staff_usertype docker_t (association (recvfrom)))
<root>
allow at line 5455 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 5468 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 1364 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
optional at line 2891 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
optional at line 2894 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
allow at line 2900 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
<root>
optional at line 1364 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
optional at line 2891 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
optional at line 2894 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
allow at line 2911 of /var/lib/selinux/targeted/tmp/modules/100/staff/cil
(allow staff_usertype daemon (association (recvfrom)))
(allow user_usertype docker_t (tcp_socket (recvfrom)))
<root>
allow at line 5467 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 1257 of /var/lib/selinux/targeted/tmp/modules/100/unprivuser/cil
optional at line 2783 of /var/lib/selinux/targeted/tmp/modules/100/unprivuser/cil
optional at line 2786 of /var/lib/selinux/targeted/tmp/modules/100/unprivuser/cil
allow at line 2791 of /var/lib/selinux/targeted/tmp/modules/100/unprivuser/cil
(allow user_usertype daemon (tcp_socket (recvfrom)))
(allow sysadm_usertype docker_t (tcp_socket (recvfrom)))
<root>
allow at line 5467 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 7365 of /var/lib/selinux/targeted/tmp/modules/100/sysadm/cil
optional at line 7631 of /var/lib/selinux/targeted/tmp/modules/100/sysadm/cil
allow at line 7636 of /var/lib/selinux/targeted/tmp/modules/100/sysadm/cil
(allow sysadm_usertype daemon (tcp_socket (recvfrom)))
(allow docker_t userdomain (unix_stream_socket (connectto)))
<root>
allow at line 4508 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 700 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 847 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow daemon unconfined_t (unix_stream_socket (connectto)))
(allow docker_t userdomain (lnk_file (read getattr)))
<root>
allow at line 4541 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 710 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t userdomain (lnk_file (read getattr)))
(allow docker_t non_security_file_type (dir (write setattr mounton)))
<root>
allow at line 8788 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 8817 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 13052 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 13055 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 13057 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 13097 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 16612 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
allow at line 16621 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 16730 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
allow at line 16797 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 16730 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
allow at line 16799 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 16730 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
allow at line 16801 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 16730 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
allow at line 16856 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 16730 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
allow at line 16858 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 16730 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
allow at line 16860 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 17962 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
allow at line 17970 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 17962 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
allow at line 17971 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 17962 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
allow at line 17972 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 17962 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
allow at line 17973 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 17962 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
allow at line 17974 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 17962 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
allow at line 17975 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 210 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 212 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 213 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 214 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 217 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 218 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 219 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 220 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 222 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 223 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 224 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 225 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 234 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 235 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 236 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 237 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 239 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 242 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 253 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 254 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 255 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 256 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 258 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 260 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 264 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 265 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 266 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 268 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 270 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 273 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 276 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 281 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 285 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 286 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 287 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 289 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 299 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 300 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 302 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 305 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 307 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 309 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 319 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 323 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 324 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 325 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 327 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 329 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 331 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 334 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 540 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 547 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 549 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 580 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 586 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 587 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 591 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 594 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 595 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 596 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 600 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 602 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 687 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 689 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 691 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 762 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1335 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1336 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1337 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1339 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1342 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1344 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1363 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
booleanif at line 3577 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
true at line 3578 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 3580 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
<root>
optional at line 4356 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 4651 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5414 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5494 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6180 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6192 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
booleanif at line 6201 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
true at line 6202 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 6212 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
<root>
optional at line 4356 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 4651 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5414 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5494 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6180 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6192 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
booleanif at line 6201 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
true at line 6202 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 6216 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
<root>
optional at line 4356 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 4651 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5414 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5494 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6180 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6236 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
booleanif at line 6239 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
true at line 6240 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 6242 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
<root>
optional at line 4356 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 4651 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5414 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5494 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6180 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6236 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
booleanif at line 6239 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
true at line 6240 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 6243 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
<root>
optional at line 4356 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 4651 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5414 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 5494 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6180 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
optional at line 6236 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
booleanif at line 6239 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
true at line 6240 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
allow at line 6244 of /var/lib/selinux/targeted/tmp/modules/100/init/cil
<root>
allow at line 274 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
allow at line 282 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
allow at line 285 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
allow at line 288 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
allow at line 291 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
allow at line 294 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
allow at line 297 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
allow at line 300 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
allow at line 303 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
allow at line 306 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
allow at line 309 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
allow at line 312 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1104 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1107 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1114 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1117 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1122 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1128 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1122 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1131 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1122 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1134 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1122 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1137 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1122 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1138 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1122 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1139 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1122 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1140 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1149 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1152 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1149 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1155 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1149 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1158 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1165 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1168 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1186 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1189 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1192 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1195 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1198 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1201 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1204 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1207 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1210 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1213 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1216 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1219 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1223 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1224 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1225 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1226 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1227 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1228 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1233 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1238 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1241 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1244 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1247 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1250 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1253 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1256 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1259 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1262 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1265 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1268 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1273 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1278 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1283 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1288 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1293 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1298 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1173 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1303 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1346 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1349 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1354 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1358 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1354 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1361 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1354 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1364 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1371 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1374 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1371 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1377 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1388 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1389 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1392 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1395 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1398 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1401 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1404 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1407 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1410 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1413 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1416 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1419 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1422 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1425 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1428 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1431 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1434 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1437 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1440 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1443 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1446 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1449 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1452 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1455 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
optional at line 1482 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1485 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1383 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
optional at line 1482 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1490 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1499 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1503 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1499 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1506 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1499 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1509 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1499 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1512 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1499 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1515 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1499 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1518 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1499 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1521 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1532 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1535 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1532 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1538 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1532 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1541 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1532 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
optional at line 1547 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1550 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1558 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1561 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1558 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1564 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1558 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1567 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1558 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1570 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1558 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1574 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1558 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1576 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1558 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1578 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1558 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1580 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1590 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1596 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1590 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1598 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1590 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1599 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1590 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1602 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1590 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1606 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1613 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1624 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1613 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1625 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1613 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1626 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1613 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1627 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1613 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1628 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1613 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1631 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1613 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
optional at line 1640 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1645 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1613 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
optional at line 1640 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1650 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1613 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
optional at line 1640 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1655 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1613 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
optional at line 1640 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1660 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1613 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
optional at line 1640 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1665 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1613 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
optional at line 1640 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1671 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1685 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1688 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1685 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1691 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1685 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
optional at line 1696 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1699 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1707 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1710 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1715 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1719 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1715 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1722 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1715 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1725 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1715 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
optional at line 1729 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1735 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1715 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
optional at line 1729 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1740 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1715 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
optional at line 1729 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1745 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1715 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
optional at line 1729 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1750 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1715 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
optional at line 1729 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1755 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1715 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
optional at line 1729 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1761 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1784 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1787 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1790 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1793 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1796 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1799 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1802 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1805 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1808 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1811 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1814 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1817 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1820 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1823 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1826 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1829 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1832 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1835 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1838 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1841 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1844 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1847 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1850 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1853 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1856 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1859 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1862 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1865 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1868 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1871 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1872 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1874 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1876 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1878 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1880 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1882 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1884 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1886 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1888 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1890 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1892 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1894 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1896 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1898 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1900 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1902 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1904 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1906 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1908 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1910 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1912 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1914 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1916 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1918 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1920 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1922 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1924 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1926 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
optional at line 1985 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 1989 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
<root>
optional at line 1775 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
optional at line 1997 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
allow at line 2000 of /var/lib/selinux/targeted/tmp/modules/100/userdomain/cil
(allow userdom_filetrans_type cache_home_t (dir (ioctl read write getattr lock add_name remove_name search open)))
(allow docker_t user_usertype (association (recvfrom)))
<root>
allow at line 5453 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 5466 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 5477 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 5483 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 1257 of /var/lib/selinux/targeted/tmp/modules/100/unprivuser/cil
optional at line 2783 of /var/lib/selinux/targeted/tmp/modules/100/unprivuser/cil
optional at line 2786 of /var/lib/selinux/targeted/tmp/modules/100/unprivuser/cil
allow at line 2794 of /var/lib/selinux/targeted/tmp/modules/100/unprivuser/cil
(allow daemon user_usertype (association (recvfrom)))
(allow docker_t userdomain (dir (getattr search open)))
<root>
allow at line 4539 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 707 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
<root>
allow at line 709 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow docker_t userdomain (dir (getattr search open)))
(allow svirt_kvm_net_t docker_t (lnk_file (read getattr)))
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1332 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow svirt_sandbox_domain docker_t (lnk_file (read getattr)))
(allow svirt_qemu_net_t docker_t (lnk_file (read getattr)))
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1332 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow svirt_sandbox_domain docker_t (lnk_file (read getattr)))
(allow svirt_lxc_net_t docker_t (lnk_file (read getattr)))
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1332 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow svirt_sandbox_domain docker_t (lnk_file (read getattr)))
(allow svirt_sandbox_domain docker_t (lnk_file (read getattr)))
<root>
allow at line 4541 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 1296 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
allow at line 1332 of /var/lib/selinux/targeted/tmp/modules/400/docker/cil
(allow svirt_sandbox_domain docker_t (lnk_file (read getattr)))
(allow sysadm_usertype docker_t (peer (recv)))
<root>
allow at line 5458 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 5470 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 7365 of /var/lib/selinux/targeted/tmp/modules/100/sysadm/cil
optional at line 7631 of /var/lib/selinux/targeted/tmp/modules/100/sysadm/cil
allow at line 7640 of /var/lib/selinux/targeted/tmp/modules/100/sysadm/cil
<root>
optional at line 7365 of /var/lib/selinux/targeted/tmp/modules/100/sysadm/cil
optional at line 7631 of /var/lib/selinux/targeted/tmp/modules/100/sysadm/cil
allow at line 7649 of /var/lib/selinux/targeted/tmp/modules/100/sysadm/cil
(allow sysadm_usertype daemon (peer (recv)))
(allow docker_t user_usertype (tcp_socket (recvfrom)))
<root>
allow at line 4502 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
allow at line 5465 of /var/lib/selinux/targeted/tmp/modules/100/base/cil
<root>
optional at line 1257 of /var/lib/selinux/targeted/tmp/modules/100/unprivuser/cil
optional at line 2783 of /var/lib/selinux/targeted/tmp/modules/100/unprivuser/cil
optional at line 2786 of /var/lib/selinux/targeted/tmp/modules/100/unprivuser/cil
allow at line 2793 of /var/lib/selinux/targeted/tmp/modules/100/unprivuser/cil
(allow daemon user_usertype (tcp_socket (recvfrom)))
(allow direct_run_init docker_t (process (noatsecure siginh rlimitinh)))
# Declares the docker policy module and its version.
policy_module(docker, 1.0.0)
########################################
#
# Declarations
#
# Boolean registered with a default of false; the rules it gates live in the
# tunable_policy block keyed on docker_connect_any further down.
## <desc>
## <p>
## Determine whether docker can
## connect to all TCP ports.
## </p>
## </desc>
gen_tunable(docker_connect_any, false)
# docker_t is the daemon domain and docker_exec_t its entrypoint type.
type docker_t;
type docker_exec_t;
init_daemon_domain(docker_t, docker_exec_t)
# NOTE(review): these two exemptions lift the user-identity and role change
# constraints for docker_t; presumably needed to start containers under a
# different SELinux user or role - confirm they are still required.
domain_subj_id_change_exemption(docker_t)
domain_role_change_exemption(docker_t)
# spc_t is a second process domain, authorised for system_r. It is made
# unconfined in the spc local policy section.
type spc_t;
domain_type(spc_t)
role system_r types spc_t;
# docker_auth_t is the domain entered from docker_auth_exec_t.
type docker_auth_t;
type docker_auth_exec_t;
init_daemon_domain(docker_auth_t, docker_auth_exec_t)
# Private file types. Each type is followed by the macro that registers it
# for its intended use (pid file, config file, log file, and so on).
# NOTE(review): no rule in this listing references spc_var_run_t after its
# declaration - confirm whether it is still needed.
type spc_var_run_t;
files_pid_file(spc_var_run_t)
type docker_var_lib_t;
files_type(docker_var_lib_t)
type docker_home_t;
userdom_user_home_content(docker_home_t)
type docker_config_t;
files_config_file(docker_config_t)
type docker_lock_t;
files_lock_file(docker_lock_t)
type docker_log_t;
logging_log_file(docker_log_t)
type docker_tmp_t;
files_tmp_file(docker_tmp_t)
type docker_tmpfs_t;
files_tmpfs_file(docker_tmpfs_t)
type docker_var_run_t;
files_pid_file(docker_var_run_t)
type docker_plugin_var_run_t;
files_pid_file(docker_plugin_var_run_t)
type docker_unit_file_t;
systemd_unit_file(docker_unit_file_t)
type docker_devpts_t;
term_pty(docker_devpts_t)
type docker_share_t;
files_type(docker_share_t)
########################################
#
# docker local policy
#
# Capabilities and self permissions for the daemon process. A second, wider
# capability set is granted under the lxc rules heading, so read both rules
# together when assessing what docker_t can do.
allow docker_t self:capability { chown kill fowner fsetid mknod net_admin net_bind_service net_raw setfcap };
allow docker_t self:tun_socket relabelto;
allow docker_t self:process { getattr signal_perms setrlimit setfscreate };
allow docker_t self:fifo_file rw_fifo_file_perms;
allow docker_t self:unix_stream_socket create_stream_socket_perms;
allow docker_t self:tcp_socket create_stream_socket_perms;
allow docker_t self:udp_socket create_socket_perms;
allow docker_t self:capability2 block_suspend;
# Presumably lets docker_t connect to the docker_auth_t socket; the interface
# body is not part of this listing - confirm.
docker_auth_stream_connect(docker_t)
# Home content: a directory named .docker created in the admin home
# directory is labelled docker_home_t.
manage_files_pattern(docker_t, docker_home_t, docker_home_t)
manage_dirs_pattern(docker_t, docker_home_t, docker_home_t)
manage_lnk_files_pattern(docker_t, docker_home_t, docker_home_t)
userdom_admin_home_dir_filetrans(docker_t, docker_home_t, dir, ".docker")
# Configuration: a directory named docker created under /etc gets docker_config_t.
manage_dirs_pattern(docker_t, docker_config_t, docker_config_t)
manage_files_pattern(docker_t, docker_config_t, docker_config_t)
files_etc_filetrans(docker_t, docker_config_t, dir, "docker")
# Lock files: objects named lxc created in the lock directory get docker_lock_t.
manage_dirs_pattern(docker_t, docker_lock_t, docker_lock_t)
manage_files_pattern(docker_t, docker_lock_t, docker_lock_t)
files_lock_filetrans(docker_t, docker_lock_t, { dir file }, "lxc")
# Logs: docker_t manages and may relabel docker_log_t objects. A file named
# container-json.log created inside a docker_var_lib_t directory is labelled
# docker_log_t by the named transition below.
manage_dirs_pattern(docker_t, docker_log_t, docker_log_t)
manage_files_pattern(docker_t, docker_log_t, docker_log_t)
manage_lnk_files_pattern(docker_t, docker_log_t, docker_log_t)
logging_log_filetrans(docker_t, docker_log_t, { dir file lnk_file })
allow docker_t docker_log_t:dir_file_class_set { relabelfrom relabelto };
filetrans_pattern(docker_t, docker_var_lib_t, docker_log_t, file, "container-json.log")
# Temporary files.
manage_dirs_pattern(docker_t, docker_tmp_t, docker_tmp_t)
manage_files_pattern(docker_t, docker_tmp_t, docker_tmp_t)
manage_lnk_files_pattern(docker_t, docker_tmp_t, docker_tmp_t)
files_tmp_filetrans(docker_t, docker_tmp_t, { dir file lnk_file })
# tmpfs content.
# NOTE(review): docker_t may create character and block device nodes with
# this label, execute files carrying it and mount on its chr_file objects.
# With the mknod capability granted above this is a broad grant; confirm
# each class is still needed.
manage_dirs_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
manage_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
manage_lnk_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
manage_fifo_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
manage_chr_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
manage_blk_files_pattern(docker_t, docker_tmpfs_t, docker_tmpfs_t)
allow docker_t docker_tmpfs_t:dir relabelfrom;
can_exec(docker_t, docker_tmpfs_t)
fs_tmpfs_filetrans(docker_t, docker_tmpfs_t, { dir file })
allow docker_t docker_tmpfs_t:chr_file mounton;
# Shared content: writable, relabelable and executable by docker_t. The spc
# local policy also accepts docker_share_t files as entrypoints into spc_t.
manage_dirs_pattern(docker_t, docker_share_t, docker_share_t)
manage_files_pattern(docker_t, docker_share_t, docker_share_t)
manage_lnk_files_pattern(docker_t, docker_share_t, docker_share_t)
allow docker_t docker_share_t:dir_file_class_set { relabelfrom relabelto };
can_exec(docker_t, docker_share_t)
# The named-content interface call is disabled here; the individual
# transitions are written out in this section instead.
#docker_filetrans_named_content(docker_t)
# Library content, including character and block device nodes.
manage_dirs_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
manage_chr_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
manage_blk_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
manage_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
manage_lnk_files_pattern(docker_t, docker_var_lib_t, docker_var_lib_t)
allow docker_t docker_var_lib_t:dir_file_class_set { relabelfrom relabelto };
files_var_lib_filetrans(docker_t, docker_var_lib_t, { dir file lnk_file })
# Runtime state: pid files, fifos and sockets.
manage_dirs_pattern(docker_t, docker_var_run_t, docker_var_run_t)
manage_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
manage_fifo_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
manage_sock_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
manage_lnk_files_pattern(docker_t, docker_var_run_t, docker_var_run_t)
files_pid_filetrans(docker_t, docker_var_run_t, { dir file lnk_file sock_file })
# Pseudo terminals created by docker_t are labelled docker_devpts_t.
allow docker_t docker_devpts_t:chr_file { relabelfrom rw_chr_file_perms setattr_chr_file_perms };
term_create_pty(docker_t, docker_devpts_t)
# Kernel state: read access to proc and sysctl data, write access to the
# network sysctls, and permission to change kernel thread scheduling.
kernel_read_system_state(docker_t)
kernel_read_network_state(docker_t)
kernel_read_all_sysctls(docker_t)
kernel_rw_net_sysctls(docker_t)
kernel_setsched(docker_t)
kernel_read_all_proc(docker_t)
domain_use_interactive_fds(docker_t)
# Reads of other domains state are denied silently (dontaudit).
domain_dontaudit_read_all_domains_state(docker_t)
corecmd_exec_bin(docker_t)
corecmd_exec_shell(docker_t)
# Network: docker_t may bind any TCP or UDP port. Outbound TCP connects are
# limited to the http and commplex_main port types unless the
# docker_connect_any boolean is enabled.
corenet_tcp_bind_generic_node(docker_t)
corenet_tcp_sendrecv_generic_if(docker_t)
corenet_tcp_sendrecv_generic_node(docker_t)
corenet_tcp_sendrecv_generic_port(docker_t)
corenet_tcp_bind_all_ports(docker_t)
corenet_tcp_connect_http_port(docker_t)
corenet_tcp_connect_commplex_main_port(docker_t)
corenet_udp_sendrecv_generic_if(docker_t)
corenet_udp_sendrecv_generic_node(docker_t)
corenet_udp_sendrecv_all_ports(docker_t)
corenet_udp_bind_generic_node(docker_t)
corenet_udp_bind_all_ports(docker_t)
files_read_config_files(docker_t)
files_dontaudit_getattr_all_dirs(docker_t)
files_dontaudit_getattr_all_files(docker_t)
fs_read_cgroup_files(docker_t)
fs_read_tmpfs_symlinks(docker_t)
fs_search_all(docker_t)
fs_getattr_all_fs(docker_t)
# NOTE(review): raw read and write access to fixed disk devices is not
# mediated by file labels on the filesystems stored there. Confirm which
# storage backend needs it and whether it can be narrowed.
storage_raw_rw_fixed_disk(docker_t)
auth_use_nsswitch(docker_t)
# getattr on the shadow file is denied silently (dontaudit), not allowed.
auth_dontaudit_getattr_shadow(docker_t)
init_read_state(docker_t)
init_status(docker_t)
logging_send_audit_msgs(docker_t)
logging_send_syslog_msg(docker_t)
miscfiles_read_localization(docker_t)
# mount is run through a domain transition rather than inside docker_t.
mount_domtrans(docker_t)
seutil_read_default_contexts(docker_t)
seutil_read_config(docker_t)
sysnet_dns_name_resolve(docker_t)
sysnet_exec_ifconfig(docker_t)
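# Optional integrations. The rules in each block apply only when the module
# providing the called interface is present in the policy.

# rpm: execute rpm without a transition and read its database.
# (rpm_exec was listed twice; the redundant call is dropped.)
optional_policy(`
	rpm_exec(docker_t)
	rpm_read_db(docker_t)
')

# Filesystem tools run through a domain transition.
optional_policy(`
	fstools_domtrans(docker_t)
')

# iptables runs through a domain transition.
optional_policy(`
	iptables_domtrans(docker_t)
')

optional_policy(`
	openvswitch_stream_connect(docker_t)
')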
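#
# lxc rules
#
# NOTE(review): added to the capability rule in the docker local policy
# section, this gives docker_t dac_override, sys_admin, sys_ptrace, sys_boot
# and setpcap among others. Treat docker_t as highly privileged when
# reviewing which domains may transition into it.
allow docker_t self:capability { dac_override setgid setpcap setuid sys_admin sys_boot sys_chroot sys_ptrace };
# setexec lets the daemon choose the context of the next program it executes.
allow docker_t self:process { getcap setcap setexec setpgid setsched signal_perms };
# A stray second semicolon after this rule was removed.
allow docker_t self:netlink_route_socket rw_netlink_socket_perms;
allow docker_t self:netlink_audit_socket create_netlink_socket_perms;
allow docker_t self:unix_dgram_socket { create_socket_perms sendto };
allow docker_t self:unix_stream_socket { create_stream_socket_perms connectto };

# docker_var_lib_t objects may be used as mount points and executed.
allow docker_t docker_var_lib_t:dir mounton;
allow docker_t docker_var_lib_t:chr_file mounton;
can_exec(docker_t, docker_var_lib_t)

# NOTE(review): docker_t may ask the kernel to load modules here and may
# transition to the insmod domain further down. Confirm both are required.
kernel_dontaudit_setsched(docker_t)
kernel_get_sysvipc_info(docker_t)
kernel_request_load_module(docker_t)
kernel_mounton_messages(docker_t)
kernel_mounton_all_proc(docker_t)
kernel_mounton_all_sysctls(docker_t)

dev_getattr_all(docker_t)
dev_getattr_sysfs_fs(docker_t)
dev_read_urand(docker_t)
dev_read_lvm_control(docker_t)
dev_rw_sysfs(docker_t)
dev_rw_loop_control(docker_t)
dev_rw_lvm_control(docker_t)

# Objects carrying initial SID types, presumably unlabeled content inside
# images - confirm. These may be managed, executed and mounted on.
files_getattr_isid_type_dirs(docker_t)
files_manage_isid_type_dirs(docker_t)
files_manage_isid_type_files(docker_t)
files_manage_isid_type_symlinks(docker_t)
files_manage_isid_type_chr_files(docker_t)
files_manage_isid_type_blk_files(docker_t)
files_exec_isid_files(docker_t)
# files_mounton_isid was called twice in this section; one call is kept.
files_mounton_isid(docker_t)
files_mounton_non_security(docker_t)
files_mounton_isid_type_chr_file(docker_t)

# Mount, unmount and remount on every filesystem type.
fs_mount_all_fs(docker_t)
fs_unmount_all_fs(docker_t)
fs_remount_all_fs(docker_t)
fs_manage_cgroup_dirs(docker_t)
fs_manage_cgroup_files(docker_t)
fs_relabelfrom_xattr_fs(docker_t)
fs_relabelfrom_tmpfs(docker_t)
# Also granted in the docker local policy section; kept here unchanged.
fs_read_tmpfs_symlinks(docker_t)
fs_list_hugetlbfs(docker_t)

term_use_generic_ptys(docker_t)
term_use_ptmx(docker_t)
term_getattr_pty_fs(docker_t)
term_relabel_pty_fs(docker_t)
term_mounton_unallocated_ttys(docker_t)

modutils_domtrans_insmod(docker_t)

systemd_status_all_unit_files(docker_t)
systemd_start_systemd_services(docker_t)

# User domains: connect to their stream sockets, read their process state
# and relabel their home and tmp content.
userdom_stream_connect(docker_t)
userdom_search_user_home_content(docker_t)
userdom_read_all_users_state(docker_t)
userdom_relabel_user_home_files(docker_t)
userdom_relabel_user_tmp_files(docker_t)
userdom_relabel_user_tmp_dirs(docker_t)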
optional_policy(`
	gpm_getattr_gpmctl(docker_t)
')

# D-Bus access. The nested blocks only apply when both the dbus policy and
# the named peer policy are present.
optional_policy(`
	dbus_system_bus_client(docker_t)
	init_dbus_chat(docker_t)
	init_start_transient_unit(docker_t)

	optional_policy(`
		systemd_dbus_chat_logind(docker_t)
		systemd_dbus_chat_machined(docker_t)
	')

	optional_policy(`
		firewalld_dbus_chat(docker_t)
	')
')

optional_policy(`
	udev_read_db(docker_t)
')

# NOTE(review): docker_t is made an unconfined domain and is also handed to
# unconfined_typebounds. The bounds violations that semodule reports for
# docker_t presumably stem from this pairing - confirm. Any rule added only
# to silence that check widens the policy and should be reviewed as such.
optional_policy(`
	unconfined_domain(docker_t)
	unconfined_typebounds(docker_t)
')

# Integration with the virt sandbox policy used for containers.
optional_policy(`
	virt_read_config(docker_t)
	virt_exec(docker_t)
	virt_stream_connect(docker_t)
	virt_stream_connect_sandbox(docker_t)
	virt_exec_sandbox_files(docker_t)
	virt_manage_sandbox_files(docker_t)
	virt_relabel_sandbox_filesystem(docker_t)

	# for lxc
	virt_transition_svirt_sandbox(docker_t, system_r)
	virt_mounton_sandbox_file(docker_t)

	# The interface call is disabled and a direct rule is used in its place.
	# virt_attach_sandbox_tun_iface(docker_t)
	allow docker_t svirt_sandbox_domain:tun_socket relabelfrom;
	virt_sandbox_entrypoint(docker_t)
')

# Applies only while the docker_connect_any boolean is on: TCP connects and
# traffic on all ports and all packet types.
tunable_policy(`docker_connect_any',`
	corenet_tcp_connect_all_ports(docker_t)
	corenet_sendrecv_all_packets(docker_t)
	corenet_tcp_sendrecv_all_ports(docker_t)
')
########################################
#
# spc local policy
#

# Files labelled docker_var_lib_t or docker_share_t are valid entrypoints
# into spc_t, and docker_t transitions to spc_t when it executes them.
# NOTE(review): docker_t can write both types and spc_t is made unconfined
# below, so write access to these labels decides what runs as spc_t. Audit
# every domain that is granted that write access.
allow spc_t { docker_var_lib_t docker_share_t }:file entrypoint;
# This role statement also appears in the Declarations section.
role system_r types spc_t;

domtrans_pattern(docker_t, docker_share_t, spc_t)
domtrans_pattern(docker_t, docker_var_lib_t, spc_t)

# docker_t may signal, reschedule and inspect spc_t processes and relabel
# their sockets.
allow docker_t spc_t:process { setsched signal_perms };
ps_process_pattern(docker_t, spc_t)
allow docker_t spc_t:socket_class_set { relabelto relabelfrom };

# A directory named overlay created inside docker_var_lib_t gets docker_share_t.
filetrans_pattern(docker_t, docker_var_lib_t, docker_share_t, dir, "overlay")

optional_policy(`
	systemd_dbus_chat_machined(spc_t)
')

optional_policy(`
	dbus_chat_system_bus(spc_t)
')

# spc_t becomes an unconfined domain. The noaudit variant presumably also
# suppresses audit records - confirm against the unconfined module.
optional_policy(`
	unconfined_domain_noaudit(spc_t)
')

optional_policy(`
	virt_transition_svirt_sandbox(spc_t, system_r)
	virt_sandbox_entrypoint(spc_t)
')
########################################
#
# docker_auth local policy
#

allow docker_auth_t self:fifo_file rw_fifo_file_perms;
allow docker_auth_t self:unix_stream_socket create_stream_socket_perms;
# net_admin is denied silently; it is not granted.
dontaudit docker_auth_t self:capability net_admin;

docker_stream_connect(docker_auth_t)

# Runtime files and sockets of the plugin, created in the pid directory as
# docker_plugin_var_run_t.
manage_dirs_pattern(docker_auth_t, docker_plugin_var_run_t, docker_plugin_var_run_t)
manage_files_pattern(docker_auth_t, docker_plugin_var_run_t, docker_plugin_var_run_t)
manage_sock_files_pattern(docker_auth_t, docker_plugin_var_run_t, docker_plugin_var_run_t)
manage_lnk_files_pattern(docker_auth_t, docker_plugin_var_run_t, docker_plugin_var_run_t)
files_pid_filetrans(docker_auth_t, docker_plugin_var_run_t, { dir file lnk_file sock_file })

domain_use_interactive_fds(docker_auth_t)
kernel_read_net_sysctls(docker_auth_t)
auth_use_nsswitch(docker_auth_t)
files_read_etc_files(docker_auth_t)
miscfiles_read_localization(docker_auth_t)
sysnet_dns_name_resolve(docker_auth_t)

# NOTE(review): this rule is not specific to docker. It lets every type
# carrying the daemon attribute connect to unix stream sockets owned by
# unconfined_t. Per the accompanying message it was added only to reduce the
# output of the typebounds check, so it loosens policy to satisfy a checker
# and should not be carried into a shipped module without separate review.
gen_require(`
	type unconfined_t;
	attribute daemon;
')

allow daemon unconfined_t:unix_stream_socket connectto;
# File context specification for the docker module. Each entry maps a path
# regular expression, and optionally a file class flag, to a label.
# NOTE(review): several entries overlap. For example the docker.* patterns
# under /usr/bin also match the novolume plugin path that is labelled
# docker_auth_exec_t a few lines later. Which entry wins depends on the
# file context matching rules, so verify the effective label of each binary
# with matchpathcon on an installed system.
/root/\.docker gen_context(system_u:object_r:docker_home_t,s0)
/usr/libexec/docker/docker.* -- gen_context(system_u:object_r:docker_exec_t,s0)
/usr/bin/docker.* -- gen_context(system_u:object_r:docker_exec_t,s0)
/usr/bin/docker-latest -- gen_context(system_u:object_r:docker_exec_t,s0)
/usr/bin/docker-novolume-plugin -- gen_context(system_u:object_r:docker_auth_exec_t,s0)
/usr/lib/docker/docker-novolume-plugin -- gen_context(system_u:object_r:docker_auth_exec_t,s0)
/usr/lib/systemd/system/docker.service -- gen_context(system_u:object_r:docker_unit_file_t,s0)
/usr/lib/systemd/system/docker-novolume-plugin.service -- gen_context(system_u:object_r:docker_unit_file_t,s0)
/etc/docker(/.*)? gen_context(system_u:object_r:docker_config_t,s0)
/etc/docker-latest(/.*)? gen_context(system_u:object_r:docker_config_t,s0)
# NOTE(review): /var/lib/docker has a catch-all entry but there is no
# matching catch-all for /var/lib/docker-latest; only some of its subpaths
# are listed below. Confirm whether that gap is intended.
/var/lib/docker(/.*)? gen_context(system_u:object_r:docker_var_lib_t,s0)
/var/lib/docker/overlay(/.*)? gen_context(system_u:object_r:docker_share_t,s0)
# The vfs trees carry the sandbox file label rather than a docker type.
/var/lib/docker/vfs(/.*)? gen_context(system_u:object_r:svirt_sandbox_file_t,s0)
/var/lib/docker-latest/vfs(/.*)? gen_context(system_u:object_r:svirt_sandbox_file_t,s0)
/var/lib/docker/init(/.*)? gen_context(system_u:object_r:docker_share_t,s0)
/var/lib/docker-latest/init(/.*)? gen_context(system_u:object_r:docker_share_t,s0)
/var/lib/docker/containers/.*/hosts gen_context(system_u:object_r:docker_share_t,s0)
/var/lib/docker-latest/containers/.*/hosts gen_context(system_u:object_r:docker_share_t,s0)
/var/lib/docker/containers/.*/hostname gen_context(system_u:object_r:docker_share_t,s0)
/var/lib/docker-latest/containers/.*/hostname gen_context(system_u:object_r:docker_share_t,s0)
/var/lib/docker/containers/.*/.*\.log gen_context(system_u:object_r:docker_log_t,s0)
/var/lib/docker-latest/containers/.*/.*\.log gen_context(system_u:object_r:docker_log_t,s0)
/var/lib/docker/.*/config\.env gen_context(system_u:object_r:docker_share_t,s0)
/var/lib/docker-latest/.*/config\.env gen_context(system_u:object_r:docker_share_t,s0)
# NOTE(review): kublet looks like a misspelling of kubelet. If so this entry
# never matches the real directory - confirm the intended path.
/var/lib/kublet(/.*)? gen_context(system_u:object_r:docker_var_lib_t,s0)
/var/run/docker(/.*)? gen_context(system_u:object_r:docker_var_run_t,s0)
/var/run/docker\.pid -- gen_context(system_u:object_r:docker_var_run_t,s0)
# The daemon socket is matched as a socket file only (-s).
/var/run/docker\.sock -s gen_context(system_u:object_r:docker_var_run_t,s0)
/var/run/docker-client(/.*)? gen_context(system_u:object_r:docker_var_run_t,s0)
/var/run/docker/plugins(/.*)? gen_context(system_u:object_r:docker_plugin_var_run_t,s0)
/var/lock/lxc(/.*)? gen_context(system_u:object_r:docker_lock_t,s0)
/var/log/lxc(/.*)? gen_context(system_u:object_r:docker_log_t,s0)
## <summary>The open-source application container engine.</summary>
########################################
## <summary>
##	Run the docker executable with a domain
##	transition into docker_t.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed to transition.
##	</summary>
## </param>
#
# docker_t holds wide privileges in this module, so callers of this
# interface should be kept to a minimum.
interface(`docker_domtrans',`
	gen_require(`
		type docker_t;
		type docker_exec_t;
	')

	domtrans_pattern($1, docker_exec_t, docker_t)
	corecmd_search_bin($1)
')
########################################
## <summary>
##	Run the docker executable without a transition,
##	so it stays in the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`docker_exec',`
	gen_require(`
		type docker_exec_t;
	')

	can_exec($1, docker_exec_t)
	corecmd_search_bin($1)
')
########################################
## <summary>
##	Search directories labelled docker_var_lib_t.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`docker_search_lib',`
	gen_require(`
		type docker_var_lib_t;
	')

	files_search_var_lib($1)
	allow $1 docker_var_lib_t:dir search_dir_perms;
')
########################################
## <summary>
##	Execute files labelled docker_var_lib_t
##	in the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# NOTE(review): the docker module lets docker_t create and modify files of
# this type, so a caller executes content that docker_t controls without
# leaving its own domain. Grant sparingly.
interface(`docker_exec_lib',`
	gen_require(`
		type docker_var_lib_t;
	')

	can_exec($1, docker_var_lib_t)
	allow $1 docker_var_lib_t:dir search_dir_perms;
')
########################################
## <summary>
##	Read files labelled docker_var_lib_t.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`docker_read_lib_files',`
	gen_require(`
		type docker_var_lib_t;
	')

	read_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
	files_search_var_lib($1)
')
########################################
## <summary>
##	List directories and read files and symbolic
##	links labelled docker_share_t.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`docker_read_share_files',`
	gen_require(`
		type docker_share_t;
	')

	files_search_var_lib($1)

	list_dirs_pattern($1, docker_share_t, docker_share_t)
	read_lnk_files_pattern($1, docker_share_t, docker_share_t)
	read_files_pattern($1, docker_share_t, docker_share_t)
')
######################################
## <summary>
##	Execute files labelled httpd_exec_t
##	in the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# NOTE(review): this interface carries an apache name and requires an httpd
# type, yet it sits in the docker interface file. It looks like a leftover
# from a template. If the apache module defines an interface with the same
# name the two definitions would clash - confirm and remove it from this
# module if nothing in the docker policy depends on it.
interface(`apache_exec',`
	gen_require(`
		type httpd_exec_t;
	')

	can_exec($1, httpd_exec_t)
')
######################################
## <summary>
##	Execute files labelled docker_share_t
##	in the caller domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# NOTE(review): docker_share_t content is writable by docker_t in the docker
# module, so the caller runs files that docker_t controls.
interface(`docker_exec_share_files',`
	gen_require(`
		type docker_share_t;
	')

	can_exec($1, docker_share_t)
')
########################################
## <summary>
##	Create, modify and delete files and symbolic
##	links labelled docker_var_lib_t.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# NOTE(review): in the docker module files of this type are valid
# entrypoints into spc_t, so write access granted here deserves the same
# scrutiny as access to the daemon itself.
interface(`docker_manage_lib_files',`
	gen_require(`
		type docker_var_lib_t;
	')

	files_search_var_lib($1)

	manage_lnk_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
	manage_files_pattern($1, docker_var_lib_t, docker_var_lib_t)
')
########################################
## <summary>
##	Create, modify and delete directories
##	labelled docker_var_lib_t.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`docker_manage_lib_dirs',`
	gen_require(`
		type docker_var_lib_t;
	')

	manage_dirs_pattern($1, docker_var_lib_t, docker_var_lib_t)
	files_search_var_lib($1)
')
########################################
## <summary>
##	Have objects that the domain creates inside a
##	docker_var_lib_t directory take a specified
##	private type through an automatic type transition.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
## <param name="private_type">
##	<summary>
##	Type given to the newly created object.
##	</summary>
## </param>
## <param name="object_class">
##	<summary>
##	Object class the transition applies to.
##	</summary>
## </param>
## <param name="name" optional="true">
##	<summary>
##	Name of the object being created. When given,
##	the transition applies to that name only.
##	</summary>
## </param>
#
interface(`docker_lib_filetrans',`
	gen_require(`
		type docker_var_lib_t;
	')

	filetrans_pattern($1, docker_var_lib_t, $2, $3, $4)
')
########################################
## <summary>
##	Read files labelled docker_var_run_t.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`docker_read_pid_files',`
	gen_require(`
		type docker_var_run_t;
	')

	read_files_pattern($1, docker_var_run_t, docker_var_run_t)
	files_search_pids($1)
')
########################################
## <summary>
##	Manage the docker service through systemctl:
##	run systemctl, reload services, read and manage
##	the docker unit file and inspect docker_t processes.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
# The body contains no domain transition into docker_t. The earlier summary
# text described one, which did not match the rules.
interface(`docker_systemctl',`
	gen_require(`
		type docker_t, docker_unit_file_t;
	')

	systemd_exec_systemctl($1)
	init_reload_services($1)
	systemd_read_fifo_file_passwd_run($1)

	allow $1 docker_unit_file_t:service manage_service_perms;
	allow $1 docker_unit_file_t:file read_file_perms;

	ps_process_pattern($1, docker_t)
')
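########################################
## <summary>
##	Read and write docker semaphores.
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`docker_rw_sem',`
	gen_require(`
		type docker_t;
	')

	# The object class here is sem, so this covers semaphores owned by
	# docker_t. Shared memory segments are a different class and are
	# not granted by this rule.
	allow $1 docker_t:sem rw_sem_perms;
')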
#######################################
## <summary>
## Read and write the docker pty type.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`docker_use_ptys',`
	gen_require(`
		type docker_devpts_t;
	')

	# Terminal read and write on character devices labeled
	# docker_devpts_t.
	allow $1 docker_devpts_t:chr_file rw_term_perms;
')
#######################################
## <summary>
## Allow domain to create docker content
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`docker_filetrans_named_content',`
	gen_require(`
		type docker_var_run_t, docker_log_t;
		type docker_var_lib_t, docker_share_t;
		type docker_home_t;
	')

	# Every transition below is keyed on an exact object name. An object
	# the caller creates under any other name keeps the default label of
	# its parent directory.

	# Runtime objects under the pid directory.
	files_pid_filetrans($1, docker_var_run_t, file, "docker.pid")
	files_pid_filetrans($1, docker_var_run_t, sock_file, "docker.sock")
	files_pid_filetrans($1, docker_var_run_t, dir, "docker-client")

	# The lxc directory under the log directory.
	logging_log_filetrans($1, docker_log_t, dir, "lxc")

	# The docker directory under var lib.
	files_var_lib_filetrans($1, docker_var_lib_t, dir, "docker")

	# Entries inside docker_var_lib_t directories that are labeled
	# docker_share_t rather than docker_var_lib_t.
	filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "config.env")
	filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "hosts")
	filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "hostname")
	filetrans_pattern($1, docker_var_lib_t, docker_share_t, file, "resolv.conf")
	filetrans_pattern($1, docker_var_lib_t, docker_share_t, dir, "init")

	# The .docker directory in the admin home directory.
	userdom_admin_home_dir_filetrans($1, docker_home_t, dir, ".docker")
')
########################################
## <summary>
## Connect to docker over a unix stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`docker_stream_connect',`
	gen_require(`
		type docker_t, docker_var_run_t;
	')

	# Socket access is limited to docker_var_run_t sockets served by
	# docker_t. docker_filetrans_named_content labels docker.sock with
	# that type.
	# NOTE(review): this policy treats docker_t as an unconfined domain,
	# so callers of this interface can reach a daemon that the policy
	# does not restrict. Confirm each caller needs it.
	stream_connect_pattern($1, docker_var_run_t, docker_var_run_t, docker_t)
	files_search_pids($1)
')
########################################
## <summary>
## Connect to SPC containers over a unix stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`docker_spc_stream_connect',`
	gen_require(`
		type spc_t, spc_var_run_t;
	')

	allow $1 spc_t:unix_stream_socket connectto;
	files_search_pids($1)

	# NOTE(review): spc_var_run_t is required above but never used.
	# Socket file write access is instead granted through
	# files_write_all_pid_sockets, which by its name is not limited to
	# SPC sockets. docker_stream_connect scopes the same access with
	# stream_connect_pattern. Confirm whether the broad grant is needed
	# here or whether it can be narrowed to spc_var_run_t.
	files_write_all_pid_sockets($1)
')
########################################
## <summary>
##	All of the rules required to administrate
##	a docker environment
## </summary>
## <param name="domain">
##	<summary>
##	Domain allowed access.
##	</summary>
## </param>
#
interface(`docker_admin',`
	gen_require(`
		type docker_t, docker_unit_file_t;
		type docker_config_t, docker_lock_t, docker_log_t;
		type docker_var_lib_t, docker_var_run_t;
	')

	# NOTE(review): ptrace is granted unconditionally alongside the
	# signal permissions. ptrace allows the admin domain to read and
	# alter the memory of docker_t processes. Policies that ship a
	# deny_ptrace boolean usually place this permission behind it, so
	# confirm which convention applies to this module.
	allow $1 docker_t:process { ptrace signal_perms };
	ps_process_pattern($1, docker_t)

	# Full administrative access to each docker file type, preceded by
	# search access to the generic parent directory where one applies.
	admin_pattern($1, docker_config_t)

	files_search_var_lib($1)
	admin_pattern($1, docker_var_lib_t)

	files_search_pids($1)
	admin_pattern($1, docker_var_run_t)

	files_search_locks($1)
	admin_pattern($1, docker_lock_t)

	logging_search_logs($1)
	admin_pattern($1, docker_log_t)

	# Service control. all_service_perms is granted here in addition to
	# what docker_systemctl allows on the same unit type.
	docker_systemctl($1)
	admin_pattern($1, docker_unit_file_t)
	allow $1 docker_unit_file_t:service all_service_perms;

	# NOTE(review): docker_systemctl already calls
	# systemd_read_fifo_file_passwd_run outside any optional block, so
	# wrapping it here does not make that dependency optional.
	optional_policy(`
		systemd_passwd_agent_exec($1)
		systemd_read_fifo_file_passwd_run($1)
	')
')
########################################
## <summary>
## Execute docker_auth_exec_t in the docker_auth domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed to transition.
## </summary>
## </param>
#
interface(`docker_auth_domtrans',`
	gen_require(`
		type docker_auth_t, docker_auth_exec_t;
	')

	# Executing a docker_auth_exec_t file moves the caller into
	# docker_auth_t. docker_auth_exec is the variant that stays in the
	# caller domain.
	domtrans_pattern($1, docker_auth_exec_t, docker_auth_t)
	corecmd_search_bin($1)
')
######################################
## <summary>
## Execute docker_auth in the caller domain.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`docker_auth_exec',`
	gen_require(`
		type docker_auth_exec_t;
	')

	# No domain transition: the program runs with the permissions of
	# the calling domain.
	can_exec($1, docker_auth_exec_t)
	corecmd_search_bin($1)
')
########################################
## <summary>
## Connect to docker_auth over a unix stream socket.
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
#
interface(`docker_auth_stream_connect',`
	gen_require(`
		type docker_auth_t, docker_plugin_var_run_t;
	')

	# The socket file type is docker_plugin_var_run_t, not a type named
	# after docker_auth. The peer domain is docker_auth_t.
	stream_connect_pattern($1, docker_plugin_var_run_t, docker_plugin_var_run_t, docker_auth_t)
	files_search_pids($1)
')
########################################
## <summary>
##	Bound the specified domain by the
##	docker domain.
## </summary>
## <param name="domain">
##	<summary>
##	Domain to be bounded by docker_t.
##	</summary>
## </param>
#
interface(`docker_typebounds',`
	gen_require(`
		type docker_t;
	')

	# docker_t is the parent and the argument is the bounded child. The
	# child may not be allowed anything the parent is not allowed.
	# NOTE(review): with expand-check enabled in semanage.conf, a child
	# that exceeds its parent is reported when the module is installed.
	# Confirm that every domain passed here stays within docker_t.
	typebounds docker_t $1;
')
########################################
## <summary>
## Allow any docker_exec_t to be an entrypoint of this domain
## </summary>
## <param name="domain">
## <summary>
## Domain allowed access.
## </summary>
## </param>
## <rolecap/>
#
interface(`docker_entrypoint',`
	gen_require(`
		type docker_exec_t;
	')

	# Files labeled docker_exec_t may be used to enter the calling
	# domain. This rule alone adds no type transition.
	allow $1 docker_exec_t:file entrypoint;
')